file inclusion

Contrary to this blog’s usual material, this time I want to write about a quick technique I found to work pretty well today for transferring files between two hosts using the xxd and hexdump utilities!

I needed to use this technique as part of a pentest, as the host was a bit limited on the tools on the box. The prerequisites for this to happen are a page with a file inclusion vulnerability (preferably remote) and for the PHP configuration to not have turned off the system function.